You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -34,37 +35,81 @@ Zap Browser is an open-source desktop browser that unifies a full Chromium brows
34
35
35
36
## Features
36
37
37
-
**Privacy & Security** — EasyList + EasyPrivacy + uBlock Origins parsed into 106,000+ domain block set, updated automatically every 24 hours. 12,000+ cosmetic CSS rules hide ad slots even when the domain can't be blocked. WebRTC disabled at both JS and permission-handler level — verified no-leak on browserleaks.com. User-Agent rotated every session from a pool of real browser strings. Push notifications, geolocation, camera and microphone permissions blocked by default. JS dialogs (alert, confirm, prompt) are currently suppressed as a temporary development simplification. This behavior is not final and will be replaced with a proper, secure and user-controlled dialog system (with per-site permissions) in future releases.
38
+
### Privacy & Security
38
39
39
-
**Lightning (NWC)** — Connect any LND or CLN node via a `nostr+walletconnect://` connection string. Compatible with Alby, Zeus, Mutiny, Breez, Phoenix, LNbits. Communication runs over a real WebSocket to the configured Nostr relay with NIP-47 ECDH encryption. Pay invoices, create invoices, check balance, disconnect — all from inside the browser.
40
+
-**106,000+ domain blocklist** — EasyList + EasyPrivacy + uBlock Origins, parsed and applied at the network layer. Updated automatically every 24 hours. No extension required.
41
+
-**12,000+ cosmetic CSS rules** — hide ad containers even when the domain is not in the blocklist.
42
+
-**WebRTC IP leak prevention** — disabled at both JS override and Electron permission-handler level. Verified no-leak on browserleaks.com.
43
+
-**User-Agent rotation** — randomised every session from a pool of real Chrome, Firefox and Safari strings across Linux, Windows and macOS.
44
+
-**Permissions blocked by default** — camera, microphone, geolocation, push notifications.
45
+
-**Tracking headers stripped** — `X-Forwarded-For`, `Via`, `From` removed from every outgoing request.
46
+
-**Service Worker cache cleared on startup** — prevents fingerprinting via stale cached assets.
47
+
-**No telemetry, no crash reporting, no cloud sync** — SQLite local only.
48
+
-**SSL certificates** — standard Chromium validation. Self-signed certs are not silently accepted.
40
49
41
-
**Cashu Ecash** — Chaumian ecash wallet powered by cashu-ts. The mint cannot link sends to receives. Multi-mint support. Tokens can be created and received offline. No blockchain, no public addresses, no transaction graph.
50
+
### Key storage
42
51
43
-
**Liquid L-BTC**— UI scaffolded for confidential Liquid transactions. BIP39 key derivation in development.
52
+
The Nostr private key and BIP39 seed are **encrypted at rest**using AES-256-GCM. The encryption key is stored in the OS keychain (libsecret on Linux, Keychain on macOS) and never written to disk in plaintext. The private key never leaves the Electron main process and is never transmitted over the network.
44
53
45
-
**Nostr** — `window.nostr` injected into every page (NIP-07). Automatic login on Primal, Damus, Snort, Stacker News and any NIP-07 compatible site. Keypair derived deterministically from BIP39 seed via NIP-06. NIP-04 encrypted DMs supported. Visual indicator in toolbar when the current site supports Nostr login. nsec importable at any time from Settings. Private key never leaves the Electron main process — the browser only signs locally and never publishes to relays.
54
+
### Lightning (NWC)
46
55
47
-
**Value4Value** — Detects `<meta name="lightning">` tags. One-click boost payments to creators. Configurable auto-pay (sats per minute while reading).
56
+
Connect any LND or CLN node via a `nostr+walletconnect://` connection string. Compatible with Alby, Zeus, Mutiny, Breez, Phoenix, LNbits. Communication runs over a real WebSocket to the configured Nostr relay with NIP-47 ECDH encryption. Pay invoices, create invoices, check balance, disconnect — all from inside the browser.
48
57
49
-
**Bookmarks & History** — Bookmarks bar below the address bar with overflow dropdown. Import bookmarks from any browser via HTML export (Chrome/Firefox/Edge/Safari). Clickable browsing history grouped by day. Toggle bookmarks bar visibility from Settings.
58
+
### Cashu Ecash
59
+
60
+
Chaumian ecash wallet powered by cashu-ts. Mint tokens directly from a Lightning invoice. Multi-mint support. Receive tokens from other wallets. No blockchain, no public addresses, no transaction graph. The mint cannot link sends to receives.
61
+
62
+
### Nostr
63
+
64
+
`window.nostr` injected into every page (NIP-07). Automatic login on Primal, Damus, Snort, Stacker News and any NIP-07 compatible site. Keypair derived deterministically from BIP39 seed via NIP-06. NIP-04 encrypted DMs supported. Visual indicator in toolbar when the current site supports Nostr login. nsec importable at any time from Settings. The browser only signs locally — it never publishes events to relays on its own.
65
+
66
+
### Value4Value
67
+
68
+
Detects `<meta name="lightning">` tags. One-click boost payments to creators. Configurable auto-pay (sats per minute while reading).
69
+
70
+
### Bookmarks & History
71
+
72
+
Bookmarks bar below the address bar with overflow dropdown. Import bookmarks from any browser via HTML export (Chrome/Firefox/Edge/Safari). Clickable browsing history grouped by day. Toggle bookmarks bar from Settings.
73
+
74
+
---
75
+
76
+
## Security notes
77
+
78
+
The following issues were addressed in v0.3.4 following community feedback:
79
+
80
+
| Issue | Status |
81
+
|-------|--------|
82
+
| SSL certificate bypass (accepted any cert including MitM) |**Fixed** — standard Chromium validation |
83
+
|`confirm()` forced to return `true` (broke legitimate dialogs) |**Fixed** — browser dialogs work normally |
84
+
| Private key stored in plaintext in SQLite |**Fixed** — AES-256-GCM + OS keychain |
85
+
| BIP39 seed stored in plaintext in SQLite |**Fixed** — AES-256-GCM + OS keychain |
86
+
| Duplicate IPC handler registration |**Fixed**|
87
+
| NIP-04 encrypt/decrypt using raw stored bytes instead of decrypted key |**Fixed**|
88
+
| No input validation on sensitive IPC channels |**Fixed** — type and format checks added |
89
+
| Debug `console.log` with internal data in production build |**Fixed**|
90
+
91
+
Remaining known limitations (tracked in roadmap):
92
+
93
+
- JS dialogs (`alert`, `confirm`, `prompt`) are currently suppressed browser-wide. A proper per-site permission system is planned for v0.4.
94
+
- Seed encryption uses the OS keychain; on systems without libsecret the fallback is an in-process key (not persisted). Full keychain support across distros is in progress.
@@ -86,7 +131,7 @@ The onboarding wizard runs once on first launch. Choose between **Bitcoin + Priv
86
131
87
132
## Connect Your Lightning Node
88
133
89
-
Open Alby (alby.com), Zeus, or LNbits on your node, go to Connections → NWC → Add new, copy the `nostr+walletconnect://` string, then paste it in the Zap Browser Wallet panel → NWC tab → Connect.
134
+
Open Alby, Zeus, or LNbits, go to Connections → NWC → Add new, copy the `nostr+walletconnect://` string, then paste it in Zap Browser → Wallet → NWC → Connect.
90
135
91
136
---
92
137
@@ -101,6 +146,7 @@ src/
101
146
│ ├── nostr.js — NIP-06 keypair, NIP-07 local signer
| v1.0 | Public release, signed builds, auto-update |
150
197
@@ -159,13 +206,13 @@ src/
159
206
- ⭐ **Like the project?** Star the repo — it helps visibility
160
207
- 🔧 **Want to contribute?** Priority areas: L-BTC libwally FFI, real DoH, canvas fingerprinting, LNURL flows, QR codes, Tor bundle, Windows build
161
208
162
-
Priority contribution areas: Cashu-ts real wallet integration, libwally-core FFI for L-BTC, real DoH at Electron level, canvas fingerprinting randomization, LNURL-pay/auth flows, QR code display, Tor binary bundle.
209
+
*This is genuinely early — some things are rough. I'd rather ship and learn than wait for perfection.*
163
210
164
211
---
165
212
166
213
## Security
167
214
168
-
The BIP39 seed is never transmitted over the network. The Nostr private key never leaves the Electron main process. The SQLite database is local — no cloud sync, no telemetry, no crash reporting. The browser never publishes events to Nostr relays; it only signs locally on request from web pages. To report a vulnerability: open a private issue on GitHub.
215
+
The BIP39 seed and Nostr private key are encrypted at rest with AES-256-GCM. The encryption key lives in the OS keychain and is never written to disk. Neither the seed nor the private key is ever transmitted over the network. The SQLite database is local — no cloud sync, no telemetry, no crash reporting. The browser never publishes events to Nostr relays; it only signs locally on request from web pages. To report a vulnerability: open a private issue on GitHub.
0 commit comments